
Robbinhood ransomware rootkit 2020 #enc_robbin_hood

Topic created on: February 23, 2020 10:55 CST by alattar.

Hello,
My name is Ahmed Alattar. First, I want to say it's an honor at least just to be registered here.

One of my clients got infected with a new build of the Robin Hood ransomware, which was compiled as Robbin with a double B. This ransomware was made and compiled last month, so it's fresh and undetectable.
However, we reported our static analysis to total virus and other platforms out there.

I did some dynamic analysis too, and got its masterkey/keyphrases: robin_A_f00D132 for end-user/server logins.
Plus, after doing the null attack, I discovered the ransomware has a 15-byte base encryption (unblock chained).

In its ransom note, it says that it uses an RSA 40XX key / AES; however, I think they use smaller keys.

A lot of files are encrypted, on multiple servers; however, they keep asking the client for their Active Directory domain and such.

Now I am trying to make a decryptor for that ransomware, but I am out of luck atm because of:
my poor knowledge of IDA and assembly language in general,
and I have a problem with anti-virtualization, so I am trying my best to attend reverse engineering online training.

One of these training platforms, INFOSEC inst., led me here and other programs I used.

Is it possible to help me with the decryptor?
Or even instruct/teach me?

I don't mind hiring for both requests.

Best regards

No posts found under this topic.